1. Field of the Invention
The present invention relates to an authentication system, device, and program using a biometrics technique, for example, an authentication system, device, and program capable of improving convenience of biometric authentication in an open network environment utilizing the Internet or the like.
2. Description of the Related Art
Conventionally, an authentication technique of authenticating a communication party has been an important element when achieving communication or service via a network. In recent years, with prevalence of an open network environment or with development of federation technologies of distributed service resources, a communication party targeted for authentication has been extended up to a range including a person to a use equipment terminal.
In general, when executing authentication, strictly identifying or matching an authentication target can be exemplified as a requirement. At this time, in the case where the authentication target is an individual, there is a need for a principal confirmation technique for strictly confirming whether or not the individual is a principal.
At present, biometrics (biometric matching/authentication technique) can be exemplified as a promising technique that carries out principal confirmation. The biometrics is provided as a technique of matching specific physical/behavioral characteristics or properties that the individuals have with biometrics information registered in advance (hereinafter, biometric template), and then, confirming whether or not the individual is a principal. As biometric information, there are utilized a fingerprint, an iris, a face, a voice, a keystroke, a signature and the like.
In the biometrics, unlike an existing authentication method such as a password, a user's load is reduced because biometric information of which there is no worrying about a loss or forgetting is utilized. In addition, the biometric information presumes that it is difficult to duplicate the information, and is effective to prevent a user spoofing or the like.
However, in biometric authentication, unlike password authentication, a matching result is greatly influenced by an execution environment. For example, with respect to the matching result of password authentication, whether or not the individual is a principal is alternatively expressed regardless of an execution environment of use equipment such as a touch panel or a keyboard. In contrast, with respect to the matching result of biometric authentication, whether or not the individual is a principal is expressed by a specified threshold value in response to a scale such as similarity indicating whether or not the individual resembles a principal. This scale is greatly influenced by an execution environment such as a type of biometric information, precision of a matching device and the like, and a value fluctuates. Thus, in a stationary system in which a predetermined environment can be allocated, there is no significant inconvenience in particular. However, in an open system in which a user's matching environment cannot be constantly allocated, it is deemed to be necessary for a verifier to judge whether authentication is enabled or disabled in accordance with a biometric environment that a requester has, as well as the matching result.
An authentication system using an authentication context represented by Biometric Authentication Context is known as a technique that meets this requirement. For example, reference should be made to Koji Okada, Tatsuro Ikeda, Hidehisa Takamizawa, Toshiaki Saisho, Extensible Personal Authentication Framework using Biometrics and PKI, Pre-Proceedings of The 3rd International workshop for Applied PKI (IWAP2004), pp. 96-107 (hereinafter, referred to as reference 1). Authentication Context is provided as a technique in which a management subject (entity device) that executes each subprocess configuring principal confirmation assures its execution result, thereby making it possible for a verifier to verify validity of the execution result of each subprocess.
In addition, in the technique described in reference 1, a requester's execution environment in which authentication is executed is expressed by a profile, thereby judging whether authentication is enabled or disabled in accordance with a client's biometric environment. The profile used here designates information that specifies an execution environment such as a combination of management subjects that execute principal confirmation, a subprocess executed by each management subject, security enforcement specification between management subjects, a security enforcement rule (including a security level) and the like.
However, according to discussion of the Inventor, in an open system using arbitrary equipment or a public line such as a user of a personal computer (hereinafter, referred to as a PC), even if there is used an authentication system or the like using an authentication context represented by Biometric Authentication Context, there occurs a problem that convenience and adaptability are low, as described below.
The following first to sixth problems are individually described with respect to a case in which convenience and adaptability are low, and all of the problems may not always have to be solved at the same time. Low convenience includes inconvenience for users. Low adaptability includes inconvenience that an authentication system is not adaptive to an arbitrary user's environment.
In addition, these problems each assume a situation in which, when providing service based on a request received from an unspecified number of users via a network, it is judged whether authentication is enabled or disabled in accordance with an unspecified number of matching devices (hereinafter, also referred to as an entity device) connected to the users'personal computers.
(First Problem)
The first problem is that, in a requester's execution environment, in the case where there exist a plurality of entity devices that conform to one profile, an entity device for use in authentication cannot be determined from the plurality of entity devices.
For example, consider that the requester's biometric environment comprises an entity device available from company A having a fingerprint matching function and an entity device available from company B having a face matching function and that both of the entity devices conform to profile requested by a verifier. In this case, it is impossible to determine which entity device is to be used.
Therefore, in the requester's execution environment, in the case where there exist a plurality of entity devices that conform to one profile, biometric authentication lies in a situation in which convenience and adaptability are low.
(Second Problem)
The second problem is that, in addition to the first problem, in the case where mounting or demounting of an entity device occurs, the entity device for use in authentication cannot be dynamically selected.
For example, in the case where an entity device that conforms to a profile which verifier requests is not connected, a requester cannot continue authentication. In this case, it is desirable to notify the fact to the requester, and connect a necessary entity device, thereby making it possible to continue authentication.
Therefore, in the case where mounting or demounting of the entity device occurs as well, biometric authentication lies in a situation in which convenience and adaptability are low.
(Third Problem)
The third problem is that, in addition to the first problem, further, an entity device used in a semi-automatic manner cannot be selected in consideration of a requester's convenience. Namely, in the case where there exist a plurality of entity devices that conform to one profile, there is a possibility that it is inefficient, in terms of convenience, for the requester to select an entity device every time.
For example, in biometric authentication, properties greatly differ depending on modalities (types of biometric information), and adaptabilities may greatly differ depending on requesters. For example, a person with a dry skin is not adaptive to fingerprint authentication.
Therefore, if the requester selects an entity device every time, in the case where efficiency is considered to be poor yet, biometric authentication lies in a situation in which convenience and adaptability are low.
(Fourth Problem)
The fourth problem is that, in the case where there exist a plurality of services which a verifier provides to a requester, and then, profiles different depending on the services are associated, the verifier cannot present services that can be provided in response to the requester's execution environment.
For example, consider that the verifier provides a number of services, but there exists only one type of service that can be provided in response to the requester's execution environment. The verifier cannot present a service that can be provided, thus making it impossible for the requester to judge a compatible service.
In this case, when the requester has requested a certain service, the requester's environment does not correspond to a profile that corresponds to that service, and there is a high possibility that there occurs a circumstance in which authentication cannot be executed. This circumstance is inconvenient for the requester, and the verifier makes the requester feel inconvenient. Thus, the above circumstance is inconvenient for both parties.
Therefore, in the case where there exist a plurality of services for the verifier to provide to the requester, and profiles different depending on the services are associated as well, biometric authentication lies in a situation in which convenience and adaptability are low.
(Fifth Problem)
The fifth problem is that, in the case where biometric authentication is used for a certain service, a profile corresponding to a security level that a requester desires cannot be set with respect to that service.
For example, consider a service that enables utilization of individual properties according to an authentication result, like a settlement request in transfer service in online banking or in online shopping.
In service of this type, although a requester having high security consciousness has used an entity device having a high security level while desiring stricter authentication, a security level that is lower than that of the requester's entity device is specified in a verifier's profile. In this case, there is a possibility that a third party illegally succeeds in authentication by using an entity device having a low security level.
Therefore, in the case where desired security levels are different from each other between the requester and the verifier as well, biometric authentication lies in a situation in which convenience and adaptability are low.
(Sixth Problem)
The sixth problem is that, for example, in the case where profiles are different depending on a transfer amount limit level in online banking service, a requester must select a level of an amount limit and an entity device according to that level every time authentication is carried out.
In this case, for example, it is considered to be desirable from an aspect of a requester's convenience that, in an entity device having a low security level attached to a portable cellular phone, service with a low amount limit is automatically selected; and that in an entity device having a high security level attached to ATM (automatic teller machine), service with a high amount limit can be automatically provided.
Therefore, in the case where profiles are different depending on service levels, biometric authentication lies in a situation in which convenience and adaptability are low.